Snort mailing list archives
Re: Timestamp Question
From: Anthony Kim <Anthony.Kim () VWCREDIT COM>
Date: Fri, 6 Jun 2003 14:03:29 -0500
On Fri, Jun 06, 2003, Sh J wrote:
Hello u all,
Hello to you too!
I'm using Snort on a Win2000 machine. My question is: I need to change the timestamp field from one to 2 fields, date and time. Is it possible? Any help will do.
I was also puzzled at the change to time_t format output files. [But it makes sense, really.] So anyhow, you can simply post-process the files using the language of your choice. I use Python. Here are some examples to get ideas flowing:
    >>> from time import *
    >>> print("%s" % (ctime(1054924984)))
    Fri Jun 06 13:43:04 2003

Nope. We want a tuple to pass to strftime(). Let's try this:

    >>> print("%s" % (strftime("%Y %m %d %H", localtime(1054924984))))
    2003 06 06 13

Sure let's use that. OK, you don't want to use python. Or you'd rather use perl or vbscript or awk or whatever. Experiment.
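
Added example (not part of the original message): a post-processing script along the lines suggested above that splits an epoch-seconds timestamp into separate date and time fields. The comma-separated layout, the column position and the sample rows are constructed assumptions, not Snort's documented output format; UTC is the default so logs from different sensors line up, and the fixed -05:00 offset matches this message's Date header.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample input: epoch seconds (time_t) in the first column.
# The layout is an assumption; adjust TS_COLUMN to match your own files.
SAMPLE = """\
timestamp,sig_id,msg,src,dst
1054924984,1000001,Constructed alert A,192.0.2.10,198.51.100.5
1054924984.250000,1000002,Constructed alert B,192.0.2.11,198.51.100.5
not-a-time,1000003,Constructed alert C,192.0.2.12,198.51.100.5
"""
TS_COLUMN = 0                               # assumed timestamp position
SENDER_TZ = timezone(timedelta(hours=-5))   # fixed offset from the Date header


def split_timestamp(value, tz=timezone.utc):
    """Return (date, time) strings for an epoch-seconds value, else None."""
    try:
        moment = datetime.fromtimestamp(float(value), tz)
    except (ValueError, OverflowError, OSError):
        return None   # not a number, NaN/inf, or outside the platform range
    return moment.strftime("%Y-%m-%d"), moment.strftime("%H:%M:%S")


def split_rows(lines, tz=timezone.utc):
    """Yield rows with the timestamp column replaced by date and time columns.

    A value that does not parse (header, damaged line) is kept as-is in the
    date column with an empty time column, so no row is dropped and the
    column count stays the same on every line.
    """
    for row in csv.reader(lines):
        if not row:
            continue
        parts = split_timestamp(row[TS_COLUMN], tz)
        if parts is None:
            parts = (row[TS_COLUMN], "")
        yield row[:TS_COLUMN] + list(parts) + row[TS_COLUMN + 1:]


def convert(text, tz=timezone.utc):
    """Convert a whole file's text and return the rewritten text."""
    out = io.StringIO()
    csv.writer(out, lineterminator="\n").writerows(split_rows(io.StringIO(text), tz))
    return out.getvalue()


if __name__ == "__main__":
    print(convert(SAMPLE), end="")
```
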